Difference between revisions of "Episode259"

From Security Weekly Wiki
Line 6: Line 6:
 
PaulDotCom Security Weekly - Episode 259 for Thursday September 15th, 2011.
 
PaulDotCom Security Weekly - Episode 259 for Thursday September 15th, 2011.
  
* Paul will be handing out free tacos during his [http://www.sans.org/network-security-2011/description.php?d=4921 "Advanced Vulnerability Scanning Techniques Using Nessus"]  talk Saturday, September 17 - Sunday, September 18 at SANS/Las Vegas.
+
* Paul will be handing out free tacos during his [http://www.sans.org/network-security-2011/description.php?d=4921 "Advanced Vulnerability Scanning Techniques Using Nessus"]  talk Saturday, September 17 - Sunday, September 18 at SANS/Las Vegas. (Larry and John will be there, Teaching HackLab, speaking and TA'ing)
  
 
* DerbyCon : Louisville, Kentucky – September 30th to October 2nd. Catch Carlos Perez's training session - [http://www.derbycon.com/automating-post-exploitation-with-metasploit "Automating Post Exploitation with Metasploit"] Friday and Saturday of the Con from 4:00PM to 9:00PM.
 
* DerbyCon : Louisville, Kentucky – September 30th to October 2nd. Catch Carlos Perez's training session - [http://www.derbycon.com/automating-post-exploitation-with-metasploit "Automating Post Exploitation with Metasploit"] Friday and Saturday of the Con from 4:00PM to 9:00PM.
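Review bot: the parenthetical added to the SANS bullet capitalises "Teaching" mid-sentence and is left without closing punctuation after "TA'ing)". Suggest "(Larry and John will be there teaching HackLab, speaking and TA'ing.)", and dropping the double space before "talk" while the line is being touched.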
Line 14: Line 14:
 
* Don't forget to [http://pauldotcom.com/ Read our blog], [http://mail.pauldotcom.com/listinfo Participate on our mailing list], [http://pauldotcom.com/insider/ Visit PaulDotCom Insider], [http://twitter.com/pauldotcom Follow us on Twitter], [irc://irc.freenode.net/pauldotcom Join the IRC channel at irc.freenode.net #pauldotcom], [http://pauldotcom.blip.tv Watch our Videos] and [http://www.facebook.com/therealpauldotcom Add us on Facebook] where we can be "friends"
 
* Don't forget to [http://pauldotcom.com/ Read our blog], [http://mail.pauldotcom.com/listinfo Participate on our mailing list], [http://pauldotcom.com/insider/ Visit PaulDotCom Insider], [http://twitter.com/pauldotcom Follow us on Twitter], [irc://irc.freenode.net/pauldotcom Join the IRC channel at irc.freenode.net #pauldotcom], [http://pauldotcom.blip.tv Watch our Videos] and [http://www.facebook.com/therealpauldotcom Add us on Facebook] where we can be "friends"
  
* We're spinning up a new mini-podcast/videocast and we and we're looking for topics from our listeners.
+
* We're spinning up a new mini-podcast/videocast (Hack Naked at Night with Larry and Darren) and we and we're looking for topics from our listeners - specifically, what type of pentest device do you want us to build out of a roomba? Send suggestions to psw@pauldotcom.com
  
 
= Guest Interview:  Dino A. Dai Zovi =
 
= Guest Interview:  Dino A. Dai Zovi =
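Review bot: the new text of the mini-podcast bullet still carries the duplicated "and we and we're" from the old revision; it should read "and we're looking for topics". The sentence ending in the psw@pauldotcom.com address also has no closing full stop, and "roomba" would normally be capitalised as a product name.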

Revision as of 20:28, 15 September 2011


Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 259 for Thursday September 15th, 2011.

  • Don't forget to check out Hack Naked TV - where John Strand promises to record from an airport bathroom near you!
  • We're spinning up a new mini-podcast/videocast (Hack Naked at Night with Larry and Darren) and we're looking for topics from our listeners - specifically, what type of pentest device do you want us to build out of a Roomba? Send suggestions to psw@pauldotcom.com

Guest Interview: Dino A. Dai Zovi

7:30 PM EDT


Dino's blog

  1. In your Source Boston Keynote you talked about Attacker Math - what was the keynote about?
  2. Why might Java be a preferred vector for exploitation in attacks?
  3. Explain the reasoning why exploiting the kernel is the cheapest path from Unprivileged Native Code Execution to Privileged Code/Command Execution.
  4. Tell us about JailBreakMe's significance.
  5. How did you come up with the reasoning that "The cost to discover and reliably exploit a vulnerability in a particular product is less than the sum of a claimed Pwn2Own prize for that product, the value of the laptop, and the value of fame to that researcher"?
  6. If your defense is cheaper than their offense, you will gain the advantage - give us some examples of cheap defense that leverage very well.

Guest Tech Segment: Elie Bursztein talks about An Analysis of Private Browsing Modes in Modern Browsers

8:15 EDT

  1. Explain the distinction you're making when you indicate "Firefox and Chrome, [attempt] to protect against a local attacker and take some steps to protect against a web attacker, while Safari only protects against a local attacker."
  2. How do browser extensions undermine private browsing modes in the various browsers?
  3. Does each of the browsers handle its extensions the same way in private browsing mode?

Elie's website

Elie on twitter

Stories For Discussion

Blog Round Up

Larry's Stories

  1. AR Drone anyone? - [Larry] - AR Drone retrofitted with an SBC and 3G connection, finds your wireless networks, pwns then scans your networks. Then once boxen are pwned, they will connect outbound to your server. Guess who put my ideas for a partially finished project. On another note, I think I need to go to Usenix Security next year.
  2. Packed craft VM - [Larry] - Want to get down with your packed foo? How about this Live CD from Mike Poor inguardians/packetstan? Boot it up and all the tools you will need to Capture, Analyze, craft and replay packets are there. This sounds like a great companion to TCP/IP Illustrated.
  3. Typosquatting pwnage - [Larry] - So, here's another take on the evil twin attack - typo squat domains that are similar to real ones, then accept all incoming information. Evil twin? Yeah, go register all the domain names similar to subdomains - IE se.ibm.com vs. seibm.com. It was shocking to me to see that the research captured 20 GB of data in just a short period of time, just on people's mis-typing. I'd love to see the results of some of our e-mails over at paul.com
  4. Dude, where's {my|your|anyones} car - [Larry] - Australian shopping mall rolls out iPhone app so that you can find your car when you forget where you park in the garage. Just plug in your plate number, and it uses the garage camera system with license plate recognition to tell you where it is. There are at least two problems: One, you can search for ANYONE's plate to see if they are there. Two, portions of the API were posted publicly (read as leaked) on a text sharing site, which in combination with analyses of the URLs used by the app allow for public querying to the internet, without the app. So, aside from the privacy issue, how is that DLP solution looking?
  5. [1] - [Larry] - Luigi Auriemma wants information to be free, so true to his word he released a metric buttload of vulnerabilities (with associated instructions) for 6 different SCADA manufacturer systems.

Paul's Stories